Turn on SECURITY_DMESG_RESTRICT

It was requested by ProdSec that we enable SECURITY_DMESG_RESTRICT as
this makes several security bugs more difficult to exploit.  It should
be noted that this just controls the default setting of
kernel.dmesg_restrict sysctl and thus can be always set back to 0 at
runtime. Users in the wheel group also have access to journalctl -k or
sudo for dmesg access without giving it to every user on the system.

Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>